Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name, description, metadata, SKILL.md and example files all describe an API that returns aggregated 'hot list' data from 47 sources and the declared apiBaseUrl (https://airouter.tech/api) matches the examples. Minor inconsistency: the registry record listed 'Source: unknown' / 'Homepage: none' while metadata.json and multiple docs reference https://airouter.tech — you may want to verify the publisher and domain ownership, but functionally the requirements align with the stated purpose.
Instruction Scope
SKILL.md and other docs instruct only to perform GET requests to the aggregator endpoints and to cache/handle responses; there are no instructions to read local files, access unrelated environment variables, or transmit data to endpoints other than the documented apiBaseUrl.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write or run on the host, so there is no install-time risk.
Credentials
The skill requests no environment variables, secrets, or local config paths. The API is described as public/unauthenticated, so no credentials are required — this is proportionate to the described functionality.
Persistence & Privilege
Skill flags show always:false and normal agent invocation; the skill does not request persistent agent/system privileges or modify other skills' configuration.
Assessment
This skill appears coherent: it simply calls an external, unauthenticated API (https://airouter.tech/api) and returns JSON. Before installing, verify the trustworthiness of the airouter.tech domain and the publisher (look for a real repository or contact/support email), because the registry summary had 'Source: unknown'. Because the API is public and unauthenticated, it could be rate-limited, unreliable, or change behavior; avoid sending any sensitive data through it. Consider caching results (docs already suggest 5‑minute caching) to reduce outbound requests, and monitor your agent's outbound network requests after installation. If you need stronger assurance, ask the publisher for a canonical repo or privacy/terms page and confirm TLS and domain ownership.Like a lobster shell, security has layers — review code before you run it.
latestvk976wghs34yapk85trh3n34pcn836qwb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.